Prosecution Futures - The Blockchain Evidence Against Force and Bridges

I once heard a joke calling bitcoin transactions "prosecution futures," the premise being that any illegal activity you conduct on the blockchain will be sitting there ready for prosecuting agencies to find.  The oldest reference to "prosecution futures" I could find in three pages of search results was from the naked capatalist blog.  The author imagined that the futures were for money laundering and tax evasion.  I don't think it ever crossed their mind that what would ultimately transpire was sworn federal agents violating their oath.

Enter the latest and most surreal twist in the Silk Road saga to date.  Yesterday the DOJ released a criminal complaint against former DEA agent Carl Mark Force IV and former Secret Service Agent Shaun Bridges.  The surreal part is not the core allegation, where it is alleged that Force and Bridges were skimming the profits from undercover drug sales.  But where they had managed to embed themselves so deeply they were engaging in some of the more salacious stories emerging at the trial.  The January 2013 theft?  That was the undercover agents.  One of the murder for hire allegations?  Yep, complete with faked pictures.  Causing the collapse of Mt. Gox? Well, no.  I'm not convinced about it yet but it is at least in the realm of reasonable theories. Even Hollywood couldn't make this up.  But remember, these are all allegations until proven in a court of law at trial.

I am not a Lawyer

I would like to point out that I am not a lawyer.  I did not do any correspondence courses to the University of American Samoa and it didn't take me three tries to pass the State of New Mexico Bar Exam (I've never tried).  So if you are reading this blog realize this is for entertainment purposes and is not legal advice.  I feel the need to say this since I'm going to be re-creating some of the exhibits and pointing out a few minor clerical errors.

However what I do find significant in this complaint is that three of the exhibits showed a significant amount of blockchain analysis. This is something we didn't see in the Ross Ulbricht trial, the only connections entered into evidence were direct transactions between the Iceland server and Ross's laptop.  But to be honest, that was really all they needed since the evidence was so overwhelming.  This case is significant because they are entering in as evidence bitcoin traces involving multiple transactions.  (And they even had a footnote on page 9 discussing the proper capitalization of bitcoin.)

Exhibit B

Exhibit B is the most complex graph in the complaint.  It outlines a 525 BTC payment to Force received from DPR, where Force pretending to be a corrupt government official offering his knowledge and expertise (except allegedly he wasn't pretending).  I was able to recreate this graph by entering only one of the addresses and waling up and down the transaction graph, so despite my nits the exhibit is generally correct.

Exhibit B [numisgraph]

The transactions where Force was paid by DPR begin at the top four orange transactions.  What follows is a series of relays, peels, and sweeps that wind up with one large sweep at the 02d7b4b8 transaction and then a final sweep at f7dcec4f  before a relay into CampBX.  There are two transactions in the middle of the shuffle representing nearly 34 BTC which was replaced from a transaction in the second sweep that (according to the exhibit graph) match back up to Silk Road.  This appears to be what passed for coin shuffling at Silk Road, but to be fair CoinJoin had just been announced during the events in this exhibit.  But what made this game of three card Monte pointless was when the whole value was combined in the end just before the deposit into CampBX.

Compared to the Exhibit B graph (on page 55 of the PDF) there is one major stylistic difference is that I focus the vertices of the graphs in this blog on the transactions and the edges represent the transaction outputs that are attached to particular bitcoin addresses.  The exhibit graph has the vertices as the transaction outputs.  In fact, some vertices represent multiple transactions that are self spending peeling transactions.  The flaw I see in this is that there is no room for the transaction IDs and some details about the creation and spending of transaction outputs can be lost.

There are also a few clerical errors in the exhibit in the complaint, and some elided details that exist in the transactions that are lacking in an address focused graph.  This is likely the result of copy paste errors as it appears that a tool such as PowerPoint or Analyst's Notebook was used to generate the exhibit. The left two branches from DPR have the second and third addresses swapped.  There are some coins that exit the system just to the lower right of the center of the exhibit.  Those coins do exit but there are several intervening addresses left out of the exhibit.  And the major sweep at the bottom of the graph is actually two sweeps from two different addresses, all winding up in the 136jvwh address eventually.

There are advantages of a hand made graph.  The lines and arrangement of the graph are much more aesthetically pleasing.  Right now I am using JGraph for my graphing layout but I am exploring a more expensive option, but based on my professional experience yFiles is the best library in the business for graph layouts.  You also pay for the quality of the work.

All these nits aside the core narrative of the exhibit is correct: DPR danced 525 bitcoins to Force in a complex series of transactions.  The clerical errors and stylistic nits do nothing to diminish this message.

Exhibit E

Exhibit E represents the payment of 770 BTC from DPR to Force (under the pseudonym frenchmaid) in connection with the alleged murder for hire that Force lied about carrying out.

Exhibit E [numisgraph]

This graph shows a series of five payments relayed to Force that were in the end deposited into one of several CampBX deposit addresses.  There were no clerical errors in this page (there were also less addresses).  The edge on the left also didn't show the structure of the peeling chain that was formed by breaking off the four payments.  Creating four separate amounts did nothing to hide the shared origin of the amounts.

Exhibit F

This exhibit is even less interesting than Exhibit E was compared to Exhibit B.  It represents the skimming done by Bridges into Mt. Gox, and then to his Fidelity account.

Exhibit F [numisgraph]

All of the transactions were peeing transactions, self peeling transactions at that.  The single address used at Mt. Gox then received the proceeds which he then cashed out into his Fidelity account.  Seriously, his Fidelity account, a large brokerage that was likely more than happy to hand over customer information when served with a legal and correct search warrant.

Conclusion

This will be an interesting case to watch as it winds its way to trial.  Whereas the Ross Ulbricht case relied on simple single transactions this case depends on a more complex series of blockchain transactions to prove the allegations against Carl Mark Force IV.  When it comes to entering information in as evidence this is likely a case that will be sited in much of the case law that will develop.

You also may have noticed the "numisgraph" links in the captions.  If you want to play along at home you can download the public alpha of the Numisight Bitcoin Explorer and load the attached files and explore the related transactions yourself.

Numisight Bitcoin Explorer Public Alpha Release

Today I am releasing a version of the tool I've been using to create the graphics you see on this website.  The Numisight Bitcoin Explorer can be downloaded from the Numisight website.

This version of the software provides the core visualization engine used in the full "Studio" version of the software.  The reporting and profile creation tools are not present a they are still under development.  You can save and load graphs as well as export as a PNG (with a watermark) any graphs you generate.  When loading an old graph please note that coins that were once unspent may now be included in a transaction.  The layout may also mutate from the saved graph because of this as the topology may change.

Using the search box you can copy in any address or transaction ID and the resulting transactions will be shown on the main canvas.  To expand a transaction you can double click the box, and to expand just the inputs and outputs you can use the context (right click) menu.  This menu also allows you to remove unwanted transactions.  Be careful however, currently I take no effort to restrict the amount of data that is shown on the canvas.  Pay attention to the number of inputs and outputs for each transaction to be sure the graph won't be overwhelming to look at.  There is a performance penalty for viewing large numbers of transactions, but usually you will encounter the usability issues of attempting to make sense of a thousand transactions before the performance penalty becomes troublesome.

For data I provide access to two public data sources (there were three, but one of them got out of the Bitcoin API game).  Bitpay Insight is the primary data provider, and BlockCypher is available on the configuration tab of the data screen.  If you use BlockCypher I recommend you provide your own API Key rather than sharing the bundled key.  Currently I only make use of the basic BlockCyper APIs, not any of the unique data sources like their library of double spend data.

The license for this version is of an evaluation license, and this version is licensed until block 400,000 is mined.  Currently this is not enforced in the software but that is something I am looking into.  If you want a more permissive license feel free to email us and we can work something out.

If you have any questions or problems, please email support.  Right now we have a Mac and Windows 64-bit version.  I'm working on getting a Linux (Ubuntu) version ready and that should be out within a week.  If these don't work for you email support and let us know what versions you may need.

For the next batch of blog posts I will be doing, I intend to release the .numisgraph files so that you can explore the transactions graphs yourself.  I may also be providing graph files that are not shown in the blog posts that are used to back up my analytic conclusions but don't add to the primary narrative.

FBI Silk Road Auction of March 2015

In March 2015 the US Marshals Service (USMS) held their third auction of bitcoins connected with the FBI case against Ross Ulbricht and the first Silk Road market.  Bids were submitted blindly on the 4th of March and the USMS moved the bitcoins on the 9th and 10th of March.

According to the auction announcement the funds were required to begin transfer by 2pm EST in Washington DC (which wound up being 1pm since daylight savings time began the day before).  Bids were to be "transferred to winning bidders in the order that each winning bid was received."  It appears that the winners had all their financial ducks in a row because the transfer of the bitcoins began promptly after the deadline passed.

Winner #1 - itBit

According to CoinDesk the winner of the first lot paid out, to the sum of 3,000BTC, was itBit.  Headquartered in New York itBit is a bitcoin exchange that also has a significant office in Singapore.

Transactions to the first winner of the auction.

Starting right after their lunch break the USMS sent a test transaction to the winning address of 50 mBTC.  This is a pattern we saw in the second auction and looks to be one they are going to be using going forward.    A half hour later the remaining bitcoins were transferred to the winning address.  No fees were paid for either of these transactions.

Based on who won these bitcoins and the immediate transactions that occurred it is my theory that the deposit went straight into the itBit operational wallet.  The two unspent transactions in this graph would represent a customer withdrawal and a "change address" ready for more use by the operational wallet.

Winner #2 - Unknown

It is currently unknown who won the 20K lot of bitcoins, which represents all of the series A blocks of bitcoin available. 

Transactions to the second winner of the auction.

The USMS initiated the second winner's transaction about a half an hour after completing the first one.  Again they began with a test transaction of 50mBTC and then two hours later completed the rest of the transaction.  It is unclear why there was more time for this transaction, representing 14 blocks between transactions rather than the single block for the first winner.  They also paid no fees to receive their bitcoin.

There is not much that can be said about this winner, other than they have exercised some excellent "privacy hygiene" when it comes to the transaction information.  The address is one that has not been seen on the blockchain prior to the auction, and the only action seen with the purchased amounts is a single sweeping transaction into a new address.  

Winner #3 - Unannounced

The third winner of the auction exhibits some connection to the Cumberland Mining & Materials LLC  of which very little is shown on their website.  They have not announced their participation but it is believed by many individuals that watch the blockchain that they were the initial recipients.

Transactions to the third winner of the auction.

The USMS initiated the transfer of the test 50 mBTC to the third winner about an hour after the last transaction, and then the USMS went home for the night.  This left the bitcoin community in suspense overnight over how much the third winner would receive and wondering if there would be a fourth winner.  But to their credit they were in the office super early the next morning to complete the transaction and sent the remaining balance to the third winner and thus wrapped up the auction before the markets opened on Tuesday.  The third winner paid a transaction fee of 100 bits for both the test transaction as well as the final transaction, the only transaction fees paid in the third auction.

The reason why any information is known about this winner is because they used an address that had been used before on the blockchain and this address was also mentioned on twitter.  Via some other internet detective work we can conclude that they have some connection to some other recognized names in the the exchange portion of the bitcoin ecosystem.  But those details are outside the scope of this blog.

However it does not appear that Cumberland kept all of the bitcoin for themselves, it appeared they were acting as a syndicate for their bid.

Detail of three transactions from the third auction winner.

Within three blocks transactions for 2K BTC, 14K BTC, and 5K BTC were peeled off of the awarded amount.  The remaining sum of nearly 6K BTC was short the test transaction amount and the fees paid to receive the initial sum.  Because of this I feel the 6K distribution remained with the administrator of the syndicate.

Nothing has been publicly stated about who the third winners were, nor who the members of the syndicate are.  There is also the possibility that these are cold storage amounts for the same entity.  However if it was cold storage I would have expected less movement of funds and more consistency in the size of the distributions.  This is why I feel four entities joined into this syndicate.

PSA - Don't Reuses Bitcoin Addresses

I'de like to finish with a public service announcement: don't reuse your wallet addresses.  Even the original paper on Bitcoin recognized the dangers of reusing addresses:

As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.  

 [Section 10: Privacy, Bitcoin: A Peer-to-Peer Electronic Cash System]

Note that for the second winner we have never seen any of their addresses before.  And the only reason we know anything about the third winner, their syndicate, and what they are doing with their transactions is because of a re-used address and a tweet associating that address to an identity.  

I cannot stress enough how keeping addresses as single use entities is the simplest and most effort effective means there is to increase your bitcoin privacy.